public function testCreateUpdateListCancel()
{
$planID = 'gold-' . self::generateRandomString(20);
self::retrieveOrCreatePlan($planID);
$customer = self::createTestCustomer();
$sub = Subscription::create(array('plan' => $planID, 'customer' => $customer->id));
$this->assertSame($sub->status, 'active');
$this->assertSame($sub->plan->id, $planID);
$sub->quantity = 2;
$sub->save();
$sub = Subscription::retrieve($sub->id);
$this->assertSame($sub->status, 'active');
$this->assertSame($sub->plan->id, $planID);
$this->assertSame($sub->quantity, 2);
// Update the quantity parameter one more time
$sub = Subscription::update($sub->id, array("quantity" => 3));
$this->assertSame($sub->status, 'active');
$this->assertSame($sub->plan->id, $planID);
$this->assertSame($sub->quantity, 3);
$subs = Subscription::all(array('customer' => $customer->id, 'plan' => $planID, 'limit' => 3));
$this->assertSame(get_class($subs->data[0]), 'Stripe\\Subscription');
$sub->cancel(array('at_period_end' => true));
$sub = Subscription::retrieve($sub->id);
$this->assertSame($sub->status, 'active');
$this->assertTrue($sub->cancel_at_period_end);
}
public function testCreateUpdateListCancelWithItems()
{
$planID = 'gold-' . self::generateRandomString(20);
self::retrieveOrCreatePlan($planID);
$customer = self::createTestCustomer();
$sub = Subscription::create(array('customer' => $customer->id, 'items' => array(array('plan' => $planID))));
$this->assertSame(count($sub->items->data), 1);
$this->assertSame($sub->items->data[0]->plan->id, $planID);
$sub = Subscription::update($sub->id, array('items' => array(array('plan' => $planID))));
$this->assertSame(count($sub->items->data), 2);
$this->assertSame($sub->items->data[0]->plan->id, $planID);
$this->assertSame($sub->items->data[1]->plan->id, $planID);
}
/**
* Save a subscription
*
* Saves the subscription from $subscriber_uri to $subscribed_user_uri.
* Throws exceptions in case of error.
*
* @param string $subscriber_uri The OMB identifier URI specifying
* the subscribing profile
*
* @param string $subscribed_user_uri The OMB identifier URI specifying
* the subscribed profile
* @param OAuthToken $token The access token
*
* @access public
**/
public function saveSubscription($subscriber_uri, $subscribed_user_uri, $token)
{
$sub = new Subscription();
$subscribed = $this->_getAnyProfile($subscribed_user_uri);
$subscriber = $this->_getAnyProfile($subscriber_uri);
if (!$subscriber->hasRight(Right::SUBSCRIBE)) {
common_log(LOG_INFO, __METHOD__ . ": remote subscriber banned ({$subscriber_uri} subbing to {$subscribed_user_uri})");
// TRANS: Error message displayed to a banned user when they try to subscribe.
return _('You have been banned from subscribing.');
}
$sub->subscribed = $subscribed->id;
$sub->subscriber = $subscriber->id;
$sub_exists = $sub->find(true);
if ($sub_exists) {
$orig_sub = clone $sub;
} else {
$sub->created = DB_DataObject_Cast::dateTime();
}
$sub->token = $token->key;
$sub->secret = $token->secret;
if ($sub_exists) {
$result = $sub->update($orig_sub);
} else {
$result = $sub->insert();
}
if (!$result) {
common_log_db_error($sub, $sub_exists ? 'UPDATE' : 'INSERT', __FILE__);
// TRANS: Exception thrown when creating a new subscription fails in OAuth store.
throw new Exception(_('Could not insert new subscription.'));
return;
}
/* Notify user, if necessary. */
if ($subscribed instanceof User) {
mail_subscribe_notify_profile($subscribed, Profile::staticGet($subscriber->id));
}
}
function handle($args)
{
parent::handle($args);
if (common_logged_in()) {
$this->clientError(_('You can use the local subscription!'));
return;
}
$omb = $_SESSION['oauth_authorization_request'];
if (!$omb) {
$this->clientError(_('Not expecting this response!'));
return;
}
common_debug('stored request: ' . print_r($omb, true), __FILE__);
common_remove_magic_from_request();
$req = OAuthRequest::from_request();
$token = $req->get_parameter('oauth_token');
# I think this is the success metric
if ($token != $omb['token']) {
$this->clientError(_('Not authorized.'));
return;
}
$version = $req->get_parameter('omb_version');
if ($version != OMB_VERSION_01) {
$this->clientError(_('Unknown version of OMB protocol.'));
return;
}
$nickname = $req->get_parameter('omb_listener_nickname');
if (!$nickname) {
$this->clientError(_('No nickname provided by remote server.'));
return;
}
$profile_url = $req->get_parameter('omb_listener_profile');
if (!$profile_url) {
$this->clientError(_('No profile URL returned by server.'));
return;
}
if (!Validate::uri($profile_url, array('allowed_schemes' => array('http', 'https')))) {
$this->clientError(_('Invalid profile URL returned by server.'));
return;
}
if ($profile_url == common_local_url('showstream', array('nickname' => $nickname))) {
$this->clientError(_('You can use the local subscription!'));
return;
}
common_debug('listenee: "' . $omb['listenee'] . '"', __FILE__);
$user = User::staticGet('nickname', $omb['listenee']);
if (!$user) {
$this->clientError(_('User being listened to doesn\'t exist.'));
return;
}
$other = User::staticGet('uri', $omb['listener']);
if ($other) {
$this->clientError(_('You can use the local subscription!'));
return;
}
$fullname = $req->get_parameter('omb_listener_fullname');
$homepage = $req->get_parameter('omb_listener_homepage');
$bio = $req->get_parameter('omb_listener_bio');
$location = $req->get_parameter('omb_listener_location');
$avatar_url = $req->get_parameter('omb_listener_avatar');
list($newtok, $newsecret) = $this->access_token($omb);
if (!$newtok || !$newsecret) {
$this->clientError(_('Couldn\'t convert request tokens to access tokens.'));
return;
}
# XXX: possible attack point; subscribe and return someone else's profile URI
$remote = Remote_profile::staticGet('uri', $omb['listener']);
if ($remote) {
$exists = true;
$profile = Profile::staticGet($remote->id);
$orig_remote = clone $remote;
$orig_profile = clone $profile;
# XXX: compare current postNotice and updateProfile URLs to the ones
# stored in the DB to avoid (possibly...) above attack
} else {
$exists = false;
$remote = new Remote_profile();
$remote->uri = $omb['listener'];
$profile = new Profile();
}
$profile->nickname = $nickname;
$profile->profileurl = $profile_url;
if (!is_null($fullname)) {
$profile->fullname = $fullname;
}
if (!is_null($homepage)) {
$profile->homepage = $homepage;
}
if (!is_null($bio)) {
$profile->bio = $bio;
}
if (!is_null($location)) {
$profile->location = $location;
}
if ($exists) {
$profile->update($orig_profile);
} else {
$profile->created = DB_DataObject_Cast::dateTime();
# current time
$id = $profile->insert();
if (!$id) {
$this->serverError(_('Error inserting new profile'));
return;
}
$remote->id = $id;
}
if ($avatar_url) {
if (!$this->add_avatar($profile, $avatar_url)) {
$this->serverError(_('Error inserting avatar'));
return;
}
}
$remote->postnoticeurl = $omb['post_notice_url'];
$remote->updateprofileurl = $omb['update_profile_url'];
if ($exists) {
if (!$remote->update($orig_remote)) {
$this->serverError(_('Error updating remote profile'));
return;
}
} else {
$remote->created = DB_DataObject_Cast::dateTime();
# current time
if (!$remote->insert()) {
$this->serverError(_('Error inserting remote profile'));
return;
}
}
if ($user->hasBlocked($profile)) {
$this->clientError(_('That user has blocked you from subscribing.'));
return;
}
$sub = new Subscription();
$sub->subscriber = $remote->id;
$sub->subscribed = $user->id;
$sub_exists = false;
if ($sub->find(true)) {
$sub_exists = true;
$orig_sub = clone $sub;
} else {
$sub_exists = false;
$sub->created = DB_DataObject_Cast::dateTime();
# current time
}
$sub->token = $newtok;
$sub->secret = $newsecret;
if ($sub_exists) {
$result = $sub->update($orig_sub);
} else {
$result = $sub->insert();
}
if (!$result) {
common_log_db_error($sub, $sub_exists ? 'UPDATE' : 'INSERT', __FILE__);
$this->clientError(_('Couldn\'t insert new subscription.'));
return;
}
# Notify user, if necessary
mail_subscribe_notify_profile($user, $profile);
# Clear the data
unset($_SESSION['oauth_authorization_request']);
# If we show subscriptions in reverse chron order, this should
# show up close to the top of the page
common_redirect(common_local_url('subscribers', array('nickname' => $user->nickname)));
}
